rpms/bind
5
0
Fork 1
Code Issues Pull Requests Releases Activity

Drop downstream patch for nslookup/host rejected by upstream

Browse Source 
Upstream response:
26337  nslookup fails to get answer from non-recursive auth server
There has been a lot of email back and forth with Adam on this.
We have decided we cannot accept it, we disagree on the appropriate DNS behavior.

Signed-off-by: Tomas Hozza <thozza@redhat.com>
This commit is contained in:
Tomas Hozza 2014-12-12 14:17:08 +01:00
parent 460bee9b36
commit e001c1a066
2 changed files with 4 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
bind.spec
View File

@ -24,7 +24,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind Name: bind
License: ISC License: ISC
Version: 9.9.6 Version: 9.9.6
Release: 5%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} Release: 6%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Epoch: 32 Epoch: 32
Url: http://www.isc.org/products/BIND/ Url: http://www.isc.org/products/BIND/
Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -72,7 +72,6 @@ Patch111:bind97-exportlib.patch
Patch112:bind97-rh645544.patch Patch112:bind97-rh645544.patch
Patch119:bind97-rh693982.patch Patch119:bind97-rh693982.patch
Patch123:bind98-rh735103.patch Patch123:bind98-rh735103.patch
Patch124:nslookup-norec.patch
Patch125:bind99-buildfix.patch Patch125:bind99-buildfix.patch
Patch130:bind-9.9.1-P2-dlz-libdb.patch Patch130:bind-9.9.1-P2-dlz-libdb.patch
Patch131:bind-9.9.1-P2-multlib-conflict.patch Patch131:bind-9.9.1-P2-multlib-conflict.patch
@ -312,9 +311,6 @@ Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
%patch112 -p1 -b .rh645544 %patch112 -p1 -b .rh645544
%patch119 -p1 -b .rh693982 %patch119 -p1 -b .rh693982
%patch123 -p1 -b .rh735103 %patch123 -p1 -b .rh735103
pushd bin/dig
%patch124 -p0 -b .nslookup-norec
popd
%patch125 -p1 -b .buildfix %patch125 -p1 -b .buildfix
%patch130 -p1 -b .libdb %patch130 -p1 -b .libdb
%patch131 -p1 -b .multlib-conflict %patch131 -p1 -b .multlib-conflict
@ -1022,6 +1018,9 @@ rm -rf ${RPM_BUILD_ROOT}
%endif %endif
%changelog %changelog
* Fri Dec 12 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.6-6.P1
- Drop downstream patch for nslookup/host rejected by upstream
* Tue Dec 09 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.6-5.P1 * Tue Dec 09 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.6-5.P1
- Update to 9.9.6-P1 (CVE-2014-8500) - Update to 9.9.6-P1 (CVE-2014-8500)

28
nslookup-norec.patch
View File

@ -1,28 +0,0 @@
--- dighost.c.orig 2011-03-11 07:46:58.000000000 +0100
+++ dighost.c 2011-10-28 14:31:29.806591603 +0200
@@ -2619,8 +2619,13 @@ connect_timeout(isc_task_t *task, isc_ev
}
} else {
fputs(l->cmdline, stdout);
- printf(";; connection timed out; no servers could be "
- "reached\n");
+ if (!next_origin(ISC_LIST_HEAD(l->q))) {
+ printf(";; connection timed out; no servers could be "
+ "reached\n");
+ } else {
+ printf(";; connection timed out; trying next "
+ "origin\n");
+ }
cancel_lookup(l);
check_next_lookup(l);
if (exitcode < 9)
@@ -3270,7 +3275,8 @@ recv_done(isc_task_t *task, isc_event_t
return;
}
if ((msg->rcode == dns_rcode_servfail && !l->servfail_stops) ||
- (check_ra && (msg->flags & DNS_MESSAGEFLAG_RA) == 0 && l->recurse))
+ (check_ra && (msg->flags & DNS_MESSAGEFLAG_RA) == 0 &&
+ msg->rcode != dns_rcode_noerror && l->recurse))
{
dig_query_t *next = ISC_LIST_NEXT(query, link);
if (l->current_query == query)